Bachelor- and Master Seminar CISPA Staff

Registration for this course is open until Monday, 01.08.2022 23:59.



Next Seminar on 13.10.2021

Dear All,

Welcome to the new seminar page!

The next seminar(s) take place on 13.10. at 14:00. Since there is RA4 talks in both sessions, if you are from RA4, you can choose which session you want to join this week :)

Session A: (RA4)
Vera Resch - Jonas... Read more

Dear All,

Welcome to the new seminar page!

The next seminar(s) take place on 13.10. at 14:00. Since there is RA4 talks in both sessions, if you are from RA4, you can choose which session you want to join this week :)

Session A: (RA4)
Vera Resch - Jonas Cirotzki - John Schmitt

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

Session B: (RA 1,3,4)
Markus Bever - Anirudh Upadhya - Lorenz Hetterich

Meeting-ID: 990 2598 9421
Kenncode: 3mZyE$

Session A:


Speaker: Vera Resch
Type of talk: Master Final Talk
Supervisor: Prof. Zeller
Advisors: Rahul Gopinath, Nikolas Havrikov
Title: Grammar-based URL Fuzzing: Field Study Exploring the WHATWG URL Standard
Research Area: 4

Abstract: Uniform Resource Locators (URLs) allow to quickly and precisely navigate today's web. Similar to the specifications of other web standards, such as HTML, the WHATWG maintains the URL specification as a living standard. However, because different applications use URLs for a multitude of purposes, there exists a variety of implementations of URL parsers, most of which claim to follow the URL standard.
This thesis uses grammar-based fuzzing together with a grammar of the current URL standard to examine how close the relationship between URL parsers and the standard is. In detail, this consists of testing the URL parsers included in the browsers Firefox and Chromium, as well as a selection of stand-alone URL parsers with inputs generated by executing a grammar-based fuzzer with a URL grammar based on the current standard and a URL grammar based on the RFC standard.
Finally, this thesis evaluates the number of errors encountered during test execution as well as the code coverages achieved in the selected URL parsers.
Results include that higher code coverages are reachable with inputs generated according to the current specification in comparison to inputs generated according to the RFC specification in ten out of eleven tested URL parsers. Furthermore, eight out of eleven tested URL parsers reject inputs based on the current specification less often than those based on the RFC specification.



Speaker: Jonas Cirotzki
Advisor: Sven Bugiel
Research Area: RA4

Abstract:missing info




Speaker: John Schmitt
Type of talk: Bachelor Final
Advisor: Dr. Sven Bugiel
Title: Implementing Certificate Transparency Inside Android Open Source Project
Research Area: 4

Abstract: Today the internet usage is as high as ever and gets more diverse every day. Therefore the security of the web is very important. One major point in security is the identity verification of web servers. To verify the identity of a web server, a web client has to rely on the validity of the provided certificate. As a result, web clients blindly trust in the integrity of the certificate authority to properly issue certificates. But what happens if a certificate authority is compromised, goes rogue, or issues flawed certificates?
In case of such a certificate misissuance, certificate transparency helps by providing a secure append-only log that documents every certificate issuance and thus enables accountability for certificate authorities.
Mobile devices are a major source of network traffic to web servers. Additionally, Android currently holds the biggest market share of mobile operating systems but does not present any solution to a certificate transparency implementation. With our work, we provide a proof of concept for an implementation of certificate transparency in the Android Open Source Project and make use of its benefits to protect Android users from certificate misissuance and thus Man-in-the-Middle attacks. Our evaluation has shown, that common apps are not negatively influenced by the prototypical implementation which, in our opinion, makes certificate transparency a very useful Android extension.


Session B:


Speaker: Markus Bever
Type of talk: Bachelor Final
Advisor: Antoine Joux, Anand Kunar Naranayan
Title: On parallelization for public key cryptanalysis
Research Area: RA1: Trustworthy Information Processing

Verifiable delay functions are exciting and new primitives in cryptography, especially
in the field of blockchains. The goal of this thesis is to study different approaches
to undermine the security of verifiable delay functions. For this we will try different
setups where the attackers control parts of a network and try to attack the verifiable
delay function in parallel. The current implementations of verifiable delay functions are
typically built based on number theoretical assumptions. There is a group underlying
the security of verifiable delay functions. We will focus on the example of a RSA-group.
Other candidates for the group include the ideal class group of quadratic imaginary
extensions. Verifiable delay functions are easily broken if the group order is known, in our
case this can be achieved by factoring. The fastest algorithm for factoring is the number
field sieve, which is part of the index calculus family and uses a lot of linear algebra. All
this candidates for breaking verifiable delay functions by finding the group order involve
index calculus methods. Here, the bottleneck is the linear algebra step. Also, we will
discuss Lenstra’s elliptic curve method for factoring. Our primary motivation was to
speed this up using parallelization. In this direction we investigated a new approach
from Fouque and Kirchner to calculate the group order in a black-box ring. This is an
extension of Maurers algorithm investigating the congruence between discrete logarithms
and the Diffie-Hellmann cryptosystem.



Speaker: Anirudh Upadhya
Type of talk: Master Intro
Advisor: Dr. Nils Ole Tippenhauer
Title: Safety and Security Critical Function Identification and Monitoring for Motor Controllers
Research Area: RA4

Abstract: Eletric scooters are becoming very popular recently and have been widely used. Most of these e-scooters and hoverboards are of cheap quality and buggy software without standardization. The firmwares of these scooters can be hacked to tweak scooter paramters. If the attacker has near access to the device he can maliciously tamper the sensor reading which can lead to wrong calculation torque vectors and then leading to a unintended acceleration or deceleration.​ The attacker can also increase the performance of the hoverboard with respect to its maximum speed etc or add additional functionalities to it.​
In this theses, we want to identify critical functions based on various currently available e-scooter architectures and find the impact on the e-scooter and thus the rider. We also want to implement runtime monitoring of these types of motor controllers. Monitoring software layer is used to check for errors in software or any unintended behavior from the user and curb them while bringing the system back to safe state or fail safe as defined in the architecture.​ Based on the critical functionalities the monitoring code is added. This code can utilize the existing TEE (Trusted Execution Environment) or run on a different core which has checker core feature (for example : Infineon AURIX 32 bit Tricore).​



Lorenz Hetterich

Type of talk:
Bachelor Final

Dr. Michael Schwarz

Exploting Spectre on IOS

Most CPUs don't stall execution when they encounter control flow instructions, but use predictors to make educated guesses on the destination (e.g. whether a branch is taken or not).
This allows them to speculatively continue execution resulting in a major time save upon correct predictions.
On incorrect predictions, speculatively executed instructions are not retired, the pipeline is flushed, and execution continues at the correct destination.
Whilst speculatively executed instructions are not visible on an architectural level, they may leave microarchitectural traces that can be observed using a side channel.
Spectre abuses this by mistraining predictors and observing microarchitectural state changes caused by speculative execution.
Even though research on Spectre has been done on most major platforms, Apple devices have hardly received any attention.
In my thesis, I evaluated the primitives required for cache side-channels on three Apple devices: An iPhone 7, an iPhone 8 Plus, and a M1 Mac Mini and successfully developed a simple Spectre proof of concept.
This talk will give an overview of the building blocks required for a simple Spectre attack and what difficulties we faced on Apple devices compared to other platforms.


Bachelor- and Master-Seminar

The bachelor/master seminar is a stage for all talks related to bachelor or master theses at CISPA.

The seminar is currently held bi-weekly on Wednesdays in odd-numbered calendar weeks. It takes place throughout the year, regardless of the lecture periods. You can join at any time. There are two parallel Zoom sessions from 14:00 to 15:30 with up to three talks each. The upcoming talks will be announced in the News section above.

Requirements for the course certificate

To pass the seminar, you have to

  • give an introductory talk where you present your thesis proposal

Furthermore, it is expected that you attend all talks of your own research area and participate in discussion during the time of your thesis work. You get a certificate and a grade for this course from your advisor. The advisor can contact us ( to check whether you meet all the passing conditions and to get a template for the certificate.

Further, you are required to hold a final talk about the results as a part of your thesis. While this talk is technically not part of the seminar but of the thesis work, you can still present it in the context of the seminar.

Attending a seminar session

Simply join one of the two parallel Zoom sessions. Choose the session with the talks you are most interested in. We welcome active participation and encourage you to ask questions and give helpful comments in the discussion after each talk.

During the seminar, we will share a link to an attendance sheet. Make sure to add your name to this document. We use these documents to track who attended which sessions.

Giving a talk in the seminar

Each talking slot is 30 minutes long. Your presentation should last about 20 minutes, so we have about 10 minutes left for discussion.

If you want to give a talk, you can book a time slot in one of the sessions. Use one of the following links for booking:

Please coordinate time and date with your advisor so that no two students of the same advisor present at the same time.

If you don't need a specific time slot, you can try to book 14:30, as some students either need the 14:00 or 15:00 slot. In rare cases, we will have to move the talks in a day, so please indicate which times you would be available. The final schedule will be announced in the News section a few days before the sessions take place.

To list your talk in the announcement, you will have to hand in some information about it, namely:

  • Speaker: Your name.
  • Type of talk: Bachelor Intro, Bachelor Final, Master Intro, or Master Final.
  • Advisor: The name of your advisor. If multiple advisors wish to attend the session, please list all of them so we can make sure that there are no collisions.
  • Title: Title of your talk.
  • Research Area: the number of your area. (In doubt check or ask your advisor) The areas are the following:
    • RA1: Trustworthy Information Processing
    • RA2: Reliable Security Guarantees
    • RA3: Threat Detection and Defenses
    • RA4: Secure Mobile and Autonomous Systems
    • RA5: Empirical and Behavioural Security
  • Abstract: Abstract of your talk.

Refer to previous announcements for examples.

Please submit this information at least one week in advance (until 23:59 on the Wednesday before your talk). Upload your information as a submission to CMS (see Personal Status), preferably as a plain text file (.txt). You can find a template in the materials section.

Contact the organizers

If there are any questions left, please use the mail address to contact the organizers.

Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators